Attackers can use *.amazonaws.com to host their phishing websites.
Command and Control
The Pareto Botnet was found using *.amazonaws.com as their C&C servers.
Attackers can create web applications with upload functionalities hosted on *.amazonaws.com and exfiltrate data on there. Alternatively, attackers can use *.s3.amazonaws.com as storage and upload exfiltrated files there.
Malicious tools can be stored on *.amazonaws.com and downloaded when required.
Last Update: 2021-11-10